Sunday, November 8, 2015

FERC Confirms It

On November
4, 2015, EnergyWire ran a story[i] quoting
a FERC spokesperson as confirming what I reported in a recent post – that FERC
will be conducting CIP v5 audits for some NERC entities, in place of the NERC
region. To quote[ii]
from the story:

FERC's decision,
which has not been officially announced, was confirmed yesterday by Mary
O'Driscoll, commission director of media relations, in response to a query.
FERC and NERC have concurrent authority to audit and enforce cybersecurity
standards. "However, historically, FERC has exercised its audit authority
in only a few rare cases," O'Driscoll said.

"FERC is
conducting these audits because CIP v5 is a major change in applicable
requirements in a very important area of the standards," she said. FERC's
action was not motivated by concern over the quality of audits by the regional
entities, she added.

The same article states:

Several other
regional organizations have also reported the change. Kim Israelsson,
compliance program coordinator for the Western Electricity Coordinating Council
(WECC), sent an email this week noting that FERC would conduct "limited
monitoring activities" on the CIP5 rules. WECC is the regional
organization for 14 Western states and parts of Canada and Mexico.

The views and opinions expressed here are my own and don’t
necessarily represent the views or opinions of Deloitte Advisory.

[i]
Since EnergyWire is a
subscription-based service, non-subscribers will need to sign up for the free
trial to read the story. In the interest of full disclosure, I want to point out that the article does quote liberally from my original post on this story.